7 Aug
2021
7 Aug
'21
6:21 p.m.
Quanah Gibson-Mount wrote:
--On Saturday, August 7, 2021 1:31 PM +0100 Howard Chu hyc@symas.com wrote:
Also for clarity: We consider "Critical" bugs to include security flaws resulting in unauthorized data disclosure, or unauthorized remote code execution. We do not consider assert() failures or crashes resulting only in Denial of Service as security flaws.
That's fine as a general statement, but what we need is an explicit *documented* policy. Likely under "Release Documents" here: https://www.openldap.org/software/
Sounds like you should open a ticket against the website then.
Once we have a clear, concise well formed policy I'll do that.
That's backwards. The ticket has to exist before anyone writes a patch/MR for it.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/